HowTo configure a single sign-on into Redmine from an other App on the same server » History » Version 3
Denis Savitskiy, 2014-11-27 14:21
preformatted code
Annotated history: versions 1 and 2 by Patrick Ludikhuyze, version 3 by Denis Savitskiy.

h1. HowTo configure a single sign-on into Redmine from another App on the same server

We had an App on our server and wanted to integrate Redmine into it.
We configured an LDAP authentication which made it possible for users to log in with the same username and password.
But I didn't much like them needing to log in again every time they needed to open the Redmine helpdesk/issue tracking part of our site.

Therefore I configured my App to create an autologin token for Redmine whenever they open the Redmine menu option.

h3. Basic Steps

* Create/update Redmine user reference (e.g. update user name, forename and e-mail address every time in case they changed)
The same way LDAP authentication reads the info from my App's tables, I now create or update the user from my App into the Redmine user table.
This also ensures that any modifications to user name and e-mail are properly synced to Redmine long after initial creation.

* Configure Redmine to allow Autologin (Settings - Authentication) for the minimum of 1 day
We also chose not to use Self registration but that could be site specific.
OpenID and REST API authentication are not required for this to work; it depends on your use of Redmine.

* Configure the use of autologin cookie also in config/configuration.yml
<pre>
autologin_cookie_name: autologin
autologin_cookie_path: /
autologin_cookie_secure: false
</pre>

P.S. I tried renaming the cookie without immediate success but it wasn't too important for me to use another cookie name so I didn't pursue it further.

* Delete existing autologin token from Redmine DB
<pre>
SQL> delete from redminedb.tokens where action = 'autologin' and user_id = ...;
</pre>

* Create our new autologin token into Redmine DB
Create a sha1 hash of some secret/personal variable for the user and write it into the tokens table (e.g. 4277e87755e03ca3ad3b343ede51971dec52852b)
<pre>
SQL> insert into redminedb.tokens (user_id, action, value, created_on) values (...,'autologin','4277e87755e03ca3ad3b343ede51971dec52852b',now());
</pre>

* Create cookie with autologin token
This will be specific to your App but here's the syntax for PHP using the sha1 generated above with a validity of 4 hours:
<pre>
setcookie('autologin', '4277e87755e03ca3ad3b343ede51971dec52852b', time()+60*60*4, '/', '.yourdomain.be');
</pre>

Be sure the cookie domain covers both your domain and your Redmine domain (e.g. when you install in a sub URI).

* Sanitise command line to forward URL arguments to Redmine
I also configured Redmine Host name and path (Settings - General) to point at the Redmine menu option in my App. So when Redmine sends e-mails, the click-through URLs go through my App, request the proper login and pass the rest of the URL to Redmine.
That would be site specific but shouldn't be too hard.

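The delete, insert and cookie steps above combined into one routine, in Ruby (Redmine's own language). This is an added example, not code from the original page or from Redmine: it swaps the sha1 of a personal variable for a token drawn from a CSPRNG, returns the two statements with bind values instead of interpolated ones, and sets @Secure@ and @HttpOnly@ on the cookie. @issue_autologin@, @AutologinGrant@, the @?@ placeholder style and HTTPS on both apps are assumptions.

```ruby
require 'securerandom'

# Hypothetical names for illustration: AutologinGrant, issue_autologin.
# Table and column names, cookie name and the 4-hour lifetime are the page's.
AutologinGrant = Struct.new(:token, :statements, :set_cookie)

def issue_autologin(user_id, cookie_domain:, ttl: 4 * 60 * 60)
  unless user_id.is_a?(Integer) && user_id.positive?
    raise ArgumentError, 'user_id must be a positive integer'
  end
  # Reject anything that could smuggle extra attributes into the header.
  unless cookie_domain.match?(/\A\.?[a-z0-9-]+(\.[a-z0-9-]+)+\z/i)
    raise ArgumentError, 'cookie_domain is not a plain host name'
  end
  raise ArgumentError, 'ttl must be positive seconds' unless ttl.is_a?(Integer) && ttl.positive?

  # 20 random bytes -> 40 hex characters: the same length as the SHA-1 value
  # on the page, but not derivable from anything known about the user.
  token = SecureRandom.hex(20)

  # SQL text plus bind values ('?' placeholders are an assumption about the
  # driver); the caller runs both statements in one transaction.
  statements = [
    ["delete from redminedb.tokens where action = 'autologin' and user_id = ?",
     [user_id]],
    ['insert into redminedb.tokens (user_id, action, value, created_on) ' \
     "values (?, 'autologin', ?, now())", [user_id, token]]
  ]

  set_cookie = [
    "autologin=#{token}", "Domain=#{cookie_domain}", 'Path=/',
    "Max-Age=#{ttl}",
    'Secure',   # assumption: the App and Redmine are both served over HTTPS
    'HttpOnly'  # page scripts never need to read the token
  ].join('; ')

  AutologinGrant.new(token, statements, set_cookie)
end

if __FILE__ == $PROGRAM_NAME
  grant = issue_autologin(42, cookie_domain: '.yourdomain.be') # constructed id
  grant.statements.each { |sql, binds| puts "#{sql}   binds=#{binds.inspect}" }
  puts "Set-Cookie: #{grant.set_cookie}"
end
```
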
That should do the trick!

Happy Redmining ;-)